[FWaaS] firewall l2 agent extension is not compatible with LinuxBridge agent

Bug #1752006 reported by Nguyen Phuong An on 2018-02-27
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
neutron
High
Nguyen Phuong An

Bug Description

When I try to enable fwaas_v2 with Q_AGENT=linuxbridge, I've got the error as below:

Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: INFO neutron.agent.agent_extensions_manager [None req-0f64e4c1-2820-41ac-aa5f-8833edeaa663 None None] Loaded agent extensions: ['fwaas_v2']
Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: INFO neutron.agent.agent_extensions_manager [None req-0f64e4c1-2820-41ac-aa5f-8833edeaa663 None None] Initializing agent extension 'fwaas_v2'
Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service [None req-0f64e4c1-2820-41ac-aa5f-8833edeaa663 None None] Error starting thread.: AttributeError: 'LinuxbridgeAgentExtensionAPI' object has no attribute 'request_int_br'
Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service Traceback (most recent call last):
Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service File "/usr/local/lib/python2.7/dist-packages/oslo_service/service.py", line 729, in run_service
Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service service.start()
Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service File "/usr/local/lib/python2.7/dist-packages/osprofiler/profiler.py", line 157, in wrapper
Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service result = f(*args, **kwargs)
Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service File "/opt/stack/neutron/neutron/plugins/ml2/drivers/agent/_common_agent.py", line 86, in start
Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service self.init_extension_manager(self.connection)
Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service File "/usr/local/lib/python2.7/dist-packages/osprofiler/profiler.py", line 157, in wrapper
Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service result = f(*args, **kwargs)
Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service File "/opt/stack/neutron/neutron/plugins/ml2/drivers/agent/_common_agent.py", line 178, in init_extension_manager
Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service connection, self.mgr.get_extension_driver_type(), agent_api)
Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service File "/opt/stack/neutron/neutron/agent/agent_extensions_manager.py", line 54, in initialize
Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service extension.obj.initialize(connection, driver_type)
Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service File "/opt/stack/neutron-fwaas/neutron_fwaas/services/firewall/agents/l2/fwaas_v2.py", line 73, in initialize
Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service int_br = self.agent_api.request_int_br()
Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service AttributeError: 'LinuxbridgeAgentExtensionAPI' object has no attribute 'request_int_br'
Th02 27 14:15:14 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service

Currently, firewall l2 agent extension is work with openvswitch agent. So shall we make firewall l2 agent extension is compatible with linuxbridge agent?

Nguyen Phuong An (annp) on 2018-02-27
description: updated
Changed in neutron:
assignee: nobody → Nguyen Phuong An (annp)
Slawek Kaplonski (slaweq) wrote :

So do You want to add some validation and "nice" error message that fwaas is not compatible with Linuxbridge agent or You want to add support for fwaas in LB agent?

tags: added: fwaas
Changed in neutron:
status: New → Confirmed
Nguyen Phuong An (annp) wrote :

@Slawek:
IMO, it's better to support fwaas in LB agent. But I'm not sure if fwaas team has a plan for supporting iptables driver for fwaas. However, at least we can make firewall l2 agent to be more generic by moving 'request_int_br' to driver side. Do you think so?

Slawek Kaplonski (slaweq) wrote :

request_int_br is method from ovs agent extension API class AFAIR. It shouldn't be added to LB agent extension class as there is no int_br in LB agent at all.
IMO it would be good to propose some simple (I hope) patch which will tell user that "this L2 agent is not supported with fwaas" or something like that and later propose patch which provides such support for LB agent and iptables driver (if there are such plans).
What do You think about it?

Nguyen Phuong An (annp) wrote :

@Slawek: IMO, it's better to note that in document because if operator doesn't specify firewall_l2_driver for firewall l2 agent extension, then firewall_l2_driver will be set to 'noop' as [1]. So I think we don't need to log something in code. What do you think about that option?

[1] https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/services/firewall/agents/l2/fwaas_v2.py#L96

Slawek Kaplonski (slaweq) wrote :

Updating docs sounds reasonable for me :)

Reviewed: https://review.openstack.org/548195
Committed: https://git.openstack.org/cgit/openstack/neutron-fwaas/commit/?id=acc08e0da71eb23c869f4053c876bf7f25028f89
Submitter: Zuul
Branch: master

commit acc08e0da71eb23c869f4053c876bf7f25028f89
Author: Nguyen Phuong An <email address hidden>
Date: Tue Feb 27 16:11:33 2018 +0700

    Make firewall l2 agent extension more generic

    Currently, firewall l2 agent extension is not compatible with LB agent.
    This patch make firewall l2 agent extension to be more generic by moving
    'request_int_br' to driver side.

    Change-Id: Ibcbf55b3cfd960a04b515933c8ede8b4e16cf0b9
    Related-Bug: #1752006

Changed in neutron:
importance: Undecided → High
tags: added: linuxbridge
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers